The secret trick used by firms helping cyberhacking victims: pay the ransom

Four payments sent after SamSam ransomware targeted entities across the US were traced by ProPublica to Proven Data

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the UK. It caused more than $30m in damages to at least 200 entities, including the cities of Atlanta and Newark, the port of San Diego and Hollywood Presbyterian medical center in Los Angeles. It knocked out Atlanta’s water service requests and online billing systems, prompted the Colorado Department of Transportation to call in the national guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6m in ransom.

“You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”